ush.it - a beautiful place

Aerohive HiveManager Classic Privilege Escalation Vulnerability

September 4, 2017 at 5:12 pm - Filed under Hacks - 706 words, reading time ~2 minutes

Sandro "guly" Zaccarini found a critical vulnerability in Aerohive HiveManager Classic 8.1r1. The vulnerability allows a local unprivileged user, normally restricted in a Tenant environment, to execute code on the underlying system.

QNAP QTS Domain Privilege Escalation Vulnerability

March 22, 2017 at 4:49 pm - Filed under Hacks - 1222 words, reading time ~4 minutes

Pasquale "sid" Fiorillo found a critical vulnerability in QNAP QTS allowing the recovery of the Domain Admin password. The password is "encrypted" with XOR and the key is a single byte! Any web application or extraneous software running on your QNAP system can access that configuration file and jeopardize your entire network if the NAS uses domain authentication for its users.
